Garmin suffers a global outage and ransomware may be to blame


Garmin Titan GPS technology is dealing with a massive service disruption. According to reports from unidentified employees, ransomware may be the culprit.

Visit Garmin.com and you may receive an apology. “Sorry,” he says, adding that the company “is experiencing an outage affecting Garmin.com and Garmin Connect,” the Garmin fitness tracking app.

The outage has also affected Garmin’s phone systems. Email and chat services are also currently offline.

Bleeping Computer notes that Garmin’s official Twitter account posted a message saying the services were not available due to maintenance. The same message had been posted several hours earlier from the Garmin India account.

Users in Japan and India report that “maintenance” has lasted almost 12 hours. That long period of time has led to much speculation on social media that malware is to blame.

In fact, a Taiwanese news site claims (Google Translate link) that Garmin’s IT staff sent out an internal memo warning that the company’s servers had been compromised. Unconfirmed reports claim that the WastedLocker ransomware may have infected those systems.

WastedLocker is a relatively new strain. Security companies attribute it to Evil Corp, the same group responsible for the development and distribution of Dridex and Bit Paymer. Evil Corp’s primary targets are US-based companies and organizations, and hackers are believed to be mostly Russian.

Dridex dates back to 2015, when the crew’s primary focus was wire fraud. Bit Paymer appeared in 2017 when the attacks switched to ransomware.

WastedLocker retains much of the functionality of Bit Paymer, but it is more sophisticated. Malwarebytes researchers describe the WastedLocker samples as highly personalized. Evil Corp essentially offers a custom WastedLocker variant based on the target being attacked.

Personalization is done after an initial breach that allows hackers to assess a potential victim’s defenses. Once that intelligence has been gathered, attackers can unleash a customized version of WastedLocker designed to evade any anti-malware protection they find.

The ransom demands for WastedLocker infections are high, generally ranging from $ 500,000 to $ 10 million in cryptocurrencies.

Garmin is precisely the type of company that Evil Corp tends to pursue. These attacks can be especially devastating given the crew’s penchant for targeting sensitive files and any backups found.

Garmin has been reached for comment and this post will be updated with any information provided.

.